From: Bart Van Assche <bvanassche@acm.org>
Date: Fri, 31 Oct 2025 22:18:44 +0000 (-0700)
Subject: scsi: core: Improve sdev_store_timeout()
X-Git-Tag: v6.19-rc1~95^2~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=867e4b1bae4bc990dcdbc756f2caa680818036bd;p=thirdparty%2Fkernel%2Flinux.git

scsi: core: Improve sdev_store_timeout()

Check whether or not the conversion of the argument to an integer
succeeded. Reject invalid timeout values.

Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://patch.msgid.link/20251031221844.2921694-1-bvanassche@acm.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
---

diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index 2cbbba192b246..6b347596ef198 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -648,10 +648,14 @@ static ssize_t
 sdev_store_timeout (struct device *dev, struct device_attribute *attr,
 		    const char *buf, size_t count)
 {
-	struct scsi_device *sdev;
-	int timeout;
-	sdev = to_scsi_device(dev);
-	sscanf (buf, "%d\n", &timeout);
+	struct scsi_device *sdev = to_scsi_device(dev);
+	int ret, timeout;
+
+	ret = kstrtoint(buf, 0, &timeout);
+	if (ret)
+		return ret;
+	if (timeout <= 0)
+		return -EINVAL;
 	blk_queue_rq_timeout(sdev->request_queue, timeout * HZ);
 	return count;
 }